The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

A flaw in WebKit could allow malicious web content to trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-3115)

It was found that WebKit did not correctly restrict read access to images created from the "canvas" element. Malicious web content could allow a remote attacker to bypass the same-origin policy and potentially access sensitive image data. (CVE-2010-3259)

A flaw was found in the way WebKit handled DNS prefetching. Even when it was disabled, web content containing certain "link" elements could cause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)

Users of WebKitGTK+ should upgrade to these updated packages, which contain WebKitGTK+ version 1.2.6, and resolve these issues. All running applications that use WebKitGTK+ must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.